Accessing other system's API using OKTA as authorization server

Hi Team,

Is it possible to use OKTA as the authorization server and any other system as the resource server?

E.g., can I generate an access token using the OKTA API (token URL and credentials) and use this token to access any other system's API?

No. You can use systems such as SAML, which compares the certificates of the applications against each other, but only Okta can use its API token and vice versa.

It depends on the system in question.

If you are referring to a resource server of your own, then yes, you can, using a custom authorization server in Okta, secure it by requiring and validating tokens from Okta. In short, an OIDC application would generate the tokens and, when attempting to access your endpoints, the client would send the access token to your server. Your server would then want to validate the token and determine if the user/client is authorized to interact with the accessed resource.

If this is your use case, you may also want to look at the following guide: Protect your API Endpoints
